Summary: A critical vulnerability in the 7-Zip file archiver allows attackers to bypass the Mark of the Web (MotW) security feature, enabling code execution on users’ systems when extracting malicious files from nested archives. This flaw, tracked as CVE-2025-0411, has been patched, but many users may still be vulnerable due to the lack of an auto-update feature. Users are urged to update their 7-Zip installations to mitigate potential malware attacks.
Threat Actor: Various threat actors | DarkGate, Water Hydra
Victim: 7-Zip users | 7-Zip users
Keypoints :
- 7-Zip’s vulnerability allows attackers to bypass MotW protection, leading to potential code execution.
- The flaw requires user interaction, such as visiting a malicious page or opening a harmful file.
- Users should update to the patched version (7-Zip 24.09) to protect against exploitation.